Conversation
- Added a new E2E scenario for user profile page to ensure it displays correctly, including the RSS feed button and the '+ 新規作成' link for the user's own profile. - Fixed a bug where tests requiring test-org setup failed due to an undefined `TEST_AUTH_SECRET`. - Added `JWT_SECRET` to the local `playwright.config.ts` webServer command so the API backend can properly authenticate requests in local tests. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
- Added a new E2E scenario for user profile page to ensure it displays correctly, including the RSS feed button and the '+ 新規作成' link for the user's own profile. - Fixed a bug where tests requiring test-org setup failed due to an undefined `TEST_AUTH_SECRET`. - Added `JWT_SECRET` to the local `playwright.config.ts` webServer command so the API backend can properly authenticate requests in local tests. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Replaced the hardcoded string "DUMMY_SECRET_FOR_TIMING_EQUAL" in the CSRF middleware fallback with `crypto.randomUUID()`. This eliminates the risk of an attacker predicting the expected secret and potentially bypassing CSRF protection if the `TEST_AUTH_SECRET` environment variable is ever accidentally omitted. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
…gin.ts Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
This adds `revokeUrlsIdle` to asynchronously revoke Object URLs in chunks via `requestIdleCallback`. Before this change, synchronously revoking many ObjectURLs caused a noticeable UI freeze during unmounts or aborted loads. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
💡 **What:** Added an early return if (rows.length === 0) to latestTimestamp to avoid parsing the fallback date when there are no rows to compare against. 🎯 **Why:** The fallback date string was being converted to ISO and parsed to a Date object in every loop iteration (or even when there are no iterations), causing an N+1 Date parsing issue and unnecessary overhead for empty arrays. 📊 **Measured Improvement:** In a local benchmark script, executing latestTimestamp on an empty array 10,000 times took ~42.5ms originally, and only ~0.6ms with the early return optimization. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
This adds `revokeUrlsIdle` to asynchronously revoke Object URLs in chunks via `requestIdleCallback`. Before this change, synchronously revoking many ObjectURLs caused a noticeable UI freeze during unmounts or aborted loads. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
This adds `revokeUrlsIdle` to asynchronously revoke Object URLs in chunks via `requestIdleCallback`. Before this change, synchronously revoking many ObjectURLs caused a noticeable UI freeze during unmounts or aborted loads. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Refactor the nested if statement in the error handler of deleteKeysInBatches to use an early return pattern. This improves code readability and maintainability. The specific WritableStream snippet in the issue was not found, but the logic at the provided file and line number was correctly identified and refactored. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Sanitize error objects before logging in `apps/api/src/routes/papers.ts` to prevent leaking sensitive information to observability platforms. Error objects are now converted to their messages or string representations before being passed to `console.error`. Added test cases in `apps/api/src/routes/__tests__/papers.test.ts` to verify the sanitization. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Adds comprehensive unit tests for the `matchesOriginPattern` utility function in `apps/api/src/utils/origin.ts`. The tests cover: - Global wildcard matches - Exact matches without wildcards - Single and multiple subdomain wildcards - Handling of multiple wildcards in a single pattern - Correct escaping of special regex characters in patterns Manual verification was performed using Node.js as the environment had restricted access to `vitest`. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
This adds `revokeUrlsIdle` to asynchronously revoke Object URLs in chunks via `requestIdleCallback`. Before this change, synchronously revoking many ObjectURLs caused a noticeable UI freeze during unmounts or aborted loads. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Refactored nested conditional error handling into a guard clause to improve readability. Added a new unit test to verify error propagation during R2 deletion failure, ensuring 100% patch coverage for the refactored branch. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
- Sanitize error objects before logging in `apps/api/src/routes/papers.ts` and CSRF middleware in `apps/api/src/index.ts`. - Ensure only error messages or string representations are logged to prevent leaking internal metadata. - Added and updated unit tests in `apps/api/src/routes/__tests__/papers.test.ts` and `apps/api/src/routes/__tests__/csrf.test.ts` to verify the fix and improve coverage of error-handling paths. - Cleaned up temporary files. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
- Refactor `matchesOriginPattern` to use a two-step escaping process that explicitly escapes all regex special characters (including dots and wildcards) before converting wildcards to the segment regex `[a-zA-Z0-9-]+`. This addresses CodeQL "unescaped dot" alerts. - Update tests to use global regex replacement (`.replace(/%/g, "*")`) instead of string replacement to address the CodeQL "replaces only first occurrence" alert. - Verified functional equivalence with manual Node.js test script. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
- Introduce local Map caches to memoize `parseStoredTags` results and `toLowerCase` transformations within the `GET /api/orgs/:slug/tags` route. - Add a new test case in `orgs.test.ts` to verify caching and filtering logic, ensuring 70%+ patch coverage. Benchmark results (1000 iterations over 1000 papers): - Original: 1.066s - Optimized: 215.323ms (~80% improvement) Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
Refactored nested conditional error handling into a guard clause for better readability. Added a unit test to cover the early-throw branch in deleteKeysInBatches, ensuring 100% coverage for the refactor and satisfying Codecov patch requirements. Cleaned up unnecessary whitespace. Co-authored-by: is0692vs <135803462+is0692vs@users.noreply.github.com>
This reverts commit 3464864.
…flare/workers-types-4.20260420.1 chore(deps-dev): bump @cloudflare/workers-types from 4.20260414.1 to 4.20260420.1
…indcss-4.2.3 chore(deps-dev): bump tailwindcss from 4.2.2 to 4.2.3
…t-config-next-16.2.4 chore(deps-dev): bump eslint-config-next from 16.2.3 to 16.2.4
# Conflicts: # package-lock.json # package.json
# Conflicts: # apps/api/package.json # apps/web/package.json # package-lock.json
# Conflicts: # apps/web/package.json # package-lock.json
# Conflicts: # apps/api/package.json # apps/web/package.json # package-lock.json
…cript-eslint/eslint-plugin-8.59.0 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.56.1 to 8.59.0
…60421 chore: Dependabotの更新をグルーピング
# Conflicts: # package-lock.json # package.json
# Conflicts: # package-lock.json
# Conflicts: # package-lock.json # package.json
…eed/vitest-plugin-5.3.0 chore(deps-dev): bump @codspeed/vitest-plugin from 5.2.0 to 5.3.0
…cript-6.0.3 chore(deps-dev): bump typescript from 5.9.3 to 6.0.3
# Conflicts: # package-lock.json # package.json
…t-10.2.1 chore(deps-dev): bump eslint from 9.39.3 to 10.2.1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Promotes
stagingintomain.stagingmainnpm run pr:promoteIncluded PRs
Compare